Is security growing up? Business intelligence is a key; Sensage extends connectors to BI tools

By | March 06, 2012

Posted in: Network Security Trends

Enterprises “get” the value of information. They understand that they receive, generate and store staggering volumes of data, which has the potential to be leveraged as actionable intelligence. The company that does the best job of correlating and analyzing its data and putting it to work has a leg up over the competition. It can be argued that business intelligence — and the market that has grown around it — is increasingly essential to enterprise success. But what about security intelligence?

Security folks have been moving in this direction for several years, even if they didn’t quite know it at first. The security information and event management (SIEM) market grew first from security event management, trying to do a better job of detecting and alerting/reporting on possible security events across the network, and morphed as more emphasis was placed on making effective use of the large amount of data that was being aggregated, normalized, correlated and analyzed. Frankly, this information was leveraged primarily for compliance more than pure security for a long while, and still is in many if not most use cases. Log management vendors found a strong market and ramped up into SIEM, while SIEM vendors sought to take advantage of the suddenly hot, compliance-driven log management market.

As the security industry matures, practitioners are starting to think like business people; they are getting better at walking the walk and talking the talk. Security intelligence — understanding everything that’s happening within and to your network, applications, and critical data and making good use of all this information at your disposal — is not about security per se. It’s about the business and how security impacts business risk. From that perspective, security folks can talk to business folks in terms they understand, backed by metrics that demonstrate how security can reduce risk and enable business.

SIEM vendor Sensage has taken this a step further, embracing and facilitating the connection between security intelligence and business intelligence. Ultimately, it can be argued convincingly that security intelligence is part of business intelligence. A subset dealing with aspects of business risk, if you will. Sensage has taken the initiative to build connectors into business intelligence tools, applying standard data types and standard SQL to create bidirectional data exchange and functionality. Sensage opened up its data to third-party business intelligence (BI) tools and dashboards in its 4.6 release just over a year ago, enabling organizations to leverage security data with business data analysis and create highly customized reports. Sensage enables this through Open Database Connectivity/Java Database Connectivity (ODBC/JDBC) APIs.

The vision-thing is to facilitate data mining on the security side. Sensage is attempting to create a community in which enterprises create dashboards and analysis that can be easily shared and security/business data exchanged through universal standards. (Sensage does not, of course, corner the market on security intelligence. It is common coin in the SIEM market. Q1 Labs (IBM), for example, makes it a selling point and builds its product line on its Security Intelligence Platform.)

Sensage’s approach grows out of its data warehousing capabilities; its ability to handle huge volumes of data efficiently has been a key selling point in the SIEM market. It’s a market that has been consolidating rapidly, as a number of the leading vendors have been gobbled up. In October, IBM acquired Q1 Labs and McAfee bought NitroSecurity on the same day. HP acquired ArcSight, the generally acknowledged market leader, in 2010. RSA acquired Network Intelligence and Novell acquired e-Security back in 2006. There are a bunch of other companies in this market, including LogLogic, eIQnetworks, Quest Software, LogRhythm, Prism Microsystems, netForensics, Tenable Network Security, TriGeo, NetIQ, Splunk, Tripwire, AlienVault (an open-source SIEM), S21sec, Tier-3, Tango/04 and CorreLog.

Interestingly, one of the features of the new Sensage 5.0 release is a connector to ArcSight. The rationale is that ArcSight customers will remain committed to their investment, but will want to leverage Sensage’s business intelligence and data warehousing capabilities. Other enhancements include support for BI tools from SAP and Pentaho, improved performance and analytics, and what Sensage characterizes as “near real-time” data loads, enabling what it calls a “trickle feed” as opposed to staggered batch loads.
